Benefits

Identity provider: The product acts as an identity provider, allows federation with external providers and enhances the security of authentication for existing users and groups. It supports corporate directories (including Kerberos), national eIDs and social identifiers (e.g., LinkedIn and Facebook).

Layered security: An additional layer of security transparently assesses the authentication risk level by taking into account the user's profile, habits and biometrics. Users continue using their identities. They are only prompted for an additional authentication step when a certain risk threshold is exceeded.

Cloud applications: Authentication control is extended to Cloud applications such as Google Apps, Salesforce and Office 365 through the implementation of standard Web and Cloud protocols. SAML 2.0 and OAuth 2.0 / OpenID Connect are supported for the federation of applications.

Centralized control and auditing: Authentication factors can be tailored to each user group (employees, collaborators, clients, etc.) and application. Single sign-on is managed according to the required trust level. Security incidents are responded to quickly. All the audit information is centralized, with data provided on each authentication decision.

Operation

The authentication platform acts as an identity provider for the applications and enables customizing the authentication in each case using:

Authentication flows, which deploy highly configurable sequences of steps that adapt the authentication behaviour to the security requirements of each application, the user identity, the available authentication mechanisms and the connection context.

Context analysis policies, which analyse the user's device, location and connection habits to assess the risk of the authentication. Each policy is highly configurable and supports establishing which factors are considered and their weightings.

An authentication method classification, which determines the security level reached in each authentication.

Single sign-on (SSO), which streamlines the authentication of the users in multiple applications while respecting the security requirements.

Intuitive server authentication, which safeguards users against phishing and pharming attacks and entails the users having to recognize a customized image in the authentication interface.

Characteristics of context-aware authentication:

TrustedX keeps a profile for each user. This profile is updated progressively and transparently after each access. In the interest of privacy, profiles can be abstracted from the explicit user identities.

Users can explicitly register trusted devices. TrustedX can recognize the devices registered by a user and any other devices used by that user.

TrustedX can recognize the user's keystroke dynamics, even for devices it has not been explicitly trained on. Keystroke dynamics is a biometric factor that does not affect the user experience.

Network information can be used to obtain the geographic location of the user, recognize locations the user has previously visited and even check whether the user accessed with the same device from this location. It can even check if the user could have physically traveled between two consecutive access locations.

The risk assessment of an authentication can be made determinant by requiring the user to pass a set of factors. Alternatively, the risk can be assessed globally using a weighted combination of several factors. Optional factors can be used to detect minor anomalies.

An application is provided in which users can speed up the learning of some factors related to their authentication.

To facilitate configuring policies in the pre-production stage, TrustedX can operate in observation mode without interfering in the usual authentication.

The platform provides detailed reports and graphs on the authentication factors analyzed in each access, both for auditing purposes and for fine tuning the policies applied in each use case.

The capture of all the context-aware authentication factors uses browser and server technologies that do not require applets or plug-ins or the installation of software in the user devices.

Applications can invoke authentication functionality using the SAML 2.0 (e.g., Google Apps and Salesforce) and OAuth 2.0 (adapted for mobile applications) protocols, both HTTP based. In each authentication response, TrustedX includes the identity attributes required for applications to establish their own sessions. The platform also supports the applications invoking the TrustedX signature and encryption services.
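The sketch below illustrates the risk assessment described above: determinant (required) factors, a weighted combination of the remaining factors, the travel-feasibility check between consecutive accesses, and observation mode. It is an added example, not Safelayer code or TrustedX's algorithm; the factor names, weights, threshold, speed ceiling and sample coordinates are all assumptions constructed for illustration.

```python
import math

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def travel_feasible(prev, cur, max_kmh=900.0):
    """prev/cur are (lat, lon, epoch_seconds); max_kmh is an assumed
    ceiling, roughly airliner speed."""
    dist = haversine_km(prev[:2], cur[:2])
    hours = (cur[2] - prev[2]) / 3600.0
    if hours <= 0:
        return dist < 1.0  # no elapsed time: feasible only at the same place
    return dist / hours <= max_kmh

def assess(factors, policy, observation_mode=False):
    """factors maps factor name -> True when it matched the user's profile.
    A factor missing from the dict counts as failed (fail closed)."""
    failed_required = sorted(f for f in policy["required"]
                             if not factors.get(f, False))
    weights = policy["weights"]
    # Global risk: share of the total weight carried by the failed factors.
    risk = (sum(w for f, w in weights.items() if not factors.get(f, False))
            / sum(weights.values()))
    would_step_up = bool(failed_required) or risk > policy["threshold"]
    # Observation mode records the decision without interfering with login.
    action = "step_up" if would_step_up and not observation_mode else "allow"
    return {"risk": risk, "failed_required": failed_required,
            "would_step_up": would_step_up, "action": action}

# Constructed policy and accesses (hypothetical values).
POLICY = {"required": {"travel_feasible"},
          "weights": {"known_device": 50, "known_location": 30,
                      "keystroke_match": 20},
          "threshold": 0.4}
MADRID = (40.4168, -3.7038, 0)
TOKYO_2H_LATER = (35.6762, 139.6503, 2 * 3600)
BARCELONA_3H_LATER = (41.3874, 2.1686, 3 * 3600)

if __name__ == "__main__":
    ok = travel_feasible(MADRID, TOKYO_2H_LATER)
    print(assess({"travel_feasible": ok, "known_device": True,
                  "known_location": True, "keystroke_match": True}, POLICY))
```

With this policy a keystroke mismatch alone stays below the threshold and is only recorded as a minor anomaly, while an infeasible journey forces a step-up regardless of the weighted score.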

Architecture

TrustedX acts as an agent between the user applications and the identity services. The applications use the OAuth 2.0 or SAML 2.0 protocols to invoke TrustedX. LDAP/AD, RADIUS and PKI identity services are supported.

The platform provides the following strategies for integrating the authentication, including integration with existing deployments:

Standard, which uses TrustedX's end user authentication interface.

Delegated graphical interface, which provides a user experience that is more harmonious with the applications.

Externalized in other identity providers, which is complemented with TrustedX's adaptive authentication and SSO functionality.

Videos

PDF Document Signing with Safelayer Mobile ID

This video shows how to sign a PDF document using a smartphone. After logging into a document management portal, the user selects a PDF document and signs it electronically using only his smartphone.

OOB Transaction Verification with Safelayer Mobile ID

This video shows the transaction verification process using a second channel. The user is prompted to confirm the details of an operation with his smartphone via the Safelayer Mobile ID App.

Facebook federation and step-up with Safelayer Mobile ID

This video shows how a smartphone with Safelayer Mobile ID can be used to provide a website with additional guarantees on the identity of the logged-in user (step-up).
